A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server up to and including 4.2.0-b2047 allow remote malicious users to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately after the group is created. The malicious script is stored and will be executed again whenever /WiKIDAdmin/groups.jsp is visited.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wikidsystems two factor authentication enterprise server |